Available MFA modules

Time-based One-Time Password MFA module

Home Assistant generates a secret key which is synchronized with an app on your phone. Every thirty seconds or so the phone app generates a random six digit number. Because Home Assistant knows the secret key, it knows which number will be generated. If you enter the correct digits, then you’re in.

Setting up TOTP

Enable TOTP in your configuration.yaml like this:

homeassistant:
auth_mfa_modules:
- type: totp

If no auth_mfa_modules config section is defined in configuration.yaml a TOTP module named “Authenticator app” will be autoloaded.

You will need an authenticator app on your phone. We recommend either Google Authenticator or Authy. Both are available for iOS or Android.

After restarting Home Assistant, go to your profile page and there should be a “Multi-factor Authentication Modules” section.

Click Enable and a new secret key will be generated. Go to your phone app and enter the key, either by scanning the QR code or typing in the key below the QR code manually.

Please treat the secret key like a password - never expose it to others.

Your phone app will now start generating a different six-digit code every thirty seconds or so. Enter one of these into Home Assistant under the QR code where it asks for a Code. Home Assistant and your phone app are now in sync and you can now use the code displayed in the app to log in.

Using TOTP

Once TOTP is enabled, Home Assistant requires the latest code from your phone app before you can log in.

TOTP is time based so it relies on your Home Assistant clock being accurate. If the verification keeps failing, make sure the clock on Home Assistant is correct.

Notify multi-factor authentication module

The Notify MFA module uses the notify component to send you an HMAC-based One-Time Password. It is typically sent to your phone, but can be sent to any destination supported by a notify service. You use this password to log in.